Darktrace pros and cons

I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.

t was pretty as far as the granularity of what you were getting out of it.

We have found the product to be stable and issue-free.

We liked their approach to identifying intrusions or network anomalies using AI.

The models, triggers, and alerts are customizable.

The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response.

Technical support is helpful and responsive.

The product offers us a very good user interface and we've found the network visibility to be very good so far.

The solution can scale.

The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.

In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from.

The price point for the product was too high for what our possible use case could be.

We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on.

Upper management wasn't sold on the value proposition.

The initial setup is more complex and time-consuming than some solutions.

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there.

The pricing is a bit high for the region.

It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not.

I'd love them to see maybe covering the cloud a bit more.

The solution could be easier to use.